'We want to proselytize,' he said. 'We are a distribution channel, but we see the postmark as a valuable service. We're hoping to move Office up a notch in trustworthiness.'

The Postal Service has been struggling to move its electronic services into the mainstream. (To read more about these efforts, go to www.gcn.com and enter 171 in the GCN.com/search box.)'It is really an e-sign enabler,' said Richard Reichgut, vice president of marketing for AuthentiDate Inc. of New York, which developed the technology for USPS.

The postmarking service has been slow to take off since its January introduction, however.'Most customers so far have been small users, kicking the tires,' said Chuck Chamberlain, USPS' manager of business development.

The Social Security Administration, probably the largest user so far, has incorporated the postmark in a handful of applications as part of its Secure Transport Service, which involves some electronic filing.

Microsoft is testing the postmark in a human resources application, Chamberlain said. The FBI is looking at it, and Indiana plans to begin using it in an application soon.

Chamberlain said he is not disappointed by the slow launch. Time-stamping and hash verification affect both security and policy, which most organizations must take time to consider. But Office 2003 puts e-postmarks within easy reach of individuals for the first time.

International model

The USPS service follows a framework of standards set by the United Nations. A hashing algorithm creates a digital fingerprint of a document on a user's computer. The hash travels to a USPS server, where it is time- and date-stamped using a National Institute of Standards and Technology time source, then digitally signed. The server returns a postmark with the USPS logo to the user for embedding in the document, and USPS keeps the signed hash for seven years.

The document's integrity is verified by clicking on the postmark to compare the current hash against the one stored by the Postal Service. Any changes to the document will result in a different hash. But the Postal Service never has the original document'only its hash'and the document cannot be recreated from the hash.

In theory, a signer cannot later repudiate a signed electronic document whose hash has been authenticated. That legal weight could be enhanced by a USPS postmark, which means the signer has in effect made an identity statement to a government agency.

Application developers can use a software kit to make function calls and invoke the service. Users of Office XP and 2003 can download and install the tool from a USPS server, which appears on the toolbar in Microsoft Word. Clicking on the tool postmarks a document.

The download is free, but USPS charges for postmarks. Individually they cost a little more than standard postage, about 60 cents each. In bulk, the price can come down to a few cents each.

The postmark extension in Office requires the user to digitally sign the document when applying for a postmark. The tool automatically searches for a digital certificate on the user's computer to enable signing. If no digital certificate is present, the user sees a prompt to obtain one online.

USPS does not issue certificates, however. It originally planned to do so but decided it made more sense to work through other certificate authorities, Crouse said.

One useful feature of the Office postmark is that a copy of the hash is returned to the document in the postmark, so anyone can verify the document locally without connecting to the USPS server. That is convenient, and the Postal Service's archiving of the original hash adds extra security.

'With brute force, you can break that hash eventually,' Chamberlain said. 'We knew that at some point computer power would catch up with the hash.'